The Business of Cybersecurity

By Cameron Griffith

Recent high profile cyber-attacks on companies ranging from Target to J.P. Morgan & Chase have started a frenzy in the cyber defense industry. As companies continue to move more and more of their functionality online, the importance of investing in cyber security is of increasing importance.

Target, Ashley Madison, Hillary Clinton, JP Morgan & Chase. What do a retail store, a nefarious dating site, the democratic nominee for President of the United States, and one of the world’s largest financial players all have in common? In the past three years all were victims of large-scale, meticulously orchestrated cyber-attacks.

In an age where so much of our lives are spent on the internet, cybercrime has become as far-reaching and diversified as crime in the physical world. These cyber incidents have consequences ranging from monetary losses, to inciting divorce, to influencing the 2016 presidential election.

In 2013, a study undertaken by cybersecurity firm McAfee found that losses from cybercrime in 2013 ranged from $400 to $500 billion. These attacks affected nearly 800 million people and damaged the reputations of countless businesses that fell victim to cyber criminals.

The costs associated with cybercrime have two main components: personal losses and corporate losses. Personal losses result from leaked user data including passwords, credit card information, and social security numbers. These personal losses have an enormous effect on the targeted businesses. Data breaches tarnish a company’s reputation with its customers, making consumers less likely to continue using a product or service that they know is likely to misplace their personal information.

After Target lost the credit card information of 40 million customers, profits fell 46% in the fourth quarter of 2013 as a direct result of a loss in customer confidence. Target also agreed to pay $10 million directly to affected customers, a figure which pales in comparison to the immeasurable losses that Target will suffer in its uphill battle to regain the trust of its customers.

In addition to the reputation costs that businesses face, they also experience direct losses in the form of stolen intellectual property and sensitive information. Corporate espionage often takes the form of concentrated cyber-attacks aimed at mining a corporation’s valuable information. The same McAfee report cited the CEO of a major oil company who claimed the loss of oilfield exploration data cost his company hundreds of millions of dollars despite its best efforts, including millions of dollars of cyber protection systems, to prevent such attacks.

With such substantial sums at stake, it is no wonder that J.P. Morgan has pledged to spend half a billion dollars in 2016 to combat cyber fraud against its own systems. This move is aimed at reassuring account holders following the 2014 hack in which J.P. Morgan lost 83 million personal account details. A Symantec study of cybercrime targeting financial institutions found that banks are 300 times more likely to be the victims of cyber fraud than any other type of business. This means that investing half a billion dollars in cyber security is not so much an insurance measure as a cost of doing business in the digital age.

As businesses continue to move into the digital age, relying on e-commerce for more and more of their revenue stream, it is imperative that companies invest serious capital to protect the privacy of their customers. Cybercrime is a growing industry; a recent report by Juniper Research projected that cybercrime will cost businesses $2 trillion a year by 2019. The substantial negative impacts that hacks have on businesses highlight the importance of investing in cyber protection in the 21st century. As recent data breaches and the revelation of the NSA’s email monitoring system indicate, consumers care about their privacy above all else, and they will not do business with any company which cannot protect their personal information.